restrict by IP for some users

Grant emailgrant at gmail.com
Fri Feb 7 17:08:09 UTC 2014


>> I'd like to restrict access to a server block to authenticated users.
>> Some of the users should be able to access it from any IP and some of
>> the users should be blocked unless they are coming from a particular
>> IP.  How is this done in nginx?
>
> Perhaps something along these lines?
>
> User "a" must come from an address listed in "geo $goodip".
> Other users may come from anywhere.
>
> ===
> map $remote_user $userip {
>  default 1;
>  a $goodip;
> }
>
> geo $goodip {
>  default 0;
>  127.0.0.0/24 1;
> }
>
> server {
>  auth_basic "This Site";
>  auth_basic_user_file htpasswd;
>  if ($userip = 0) {
>   return 403;
>  }
> }

Interesting solution.  I never would have thought of that.  I was
using an alias to do this in apache.  Are there performance
implications of adding the geo and map modules to nginx and running
that code?

- Grant



More information about the nginx mailing list